News

In a large enterprise, employee devices can harbor thousands of unsafe apps

​Mobile enterprise environments are increasingly the target for embedded spyware, adware and backdoors, security provider says.

March 17, 2015

Veracode, a provider of security solutions for Web, mobile and third-party applications has released data showing that, based on its assessment, the average global enterprise has approximately 2,400 unsafe applications installed in its mobile environment.

Based on an analysis of hundreds of thousands of mobile applications installed in actual corporate environments Veracode found 14,000 unsafe applications of which:

• 85 percent expose sensitive device data, including SIM card information such as phone location, call history, phone contacts, SMS message logs, device IDs and carrier information;
• 37 percent perform suspicious security actions, such as installing or uninstalling applications; or running other programs; and
• 35 percent retrieve or share personal information about the user, such as browser history and calendars, allowing attackers to develop a complete profile of users and their social connections.

Existing approaches for addressing unsafe mobile apps, such as manually curated blacklists, are difficult to scale and keep up to date. As a result, they either fail to keep up with mobile threats or frustrate employees by prohibiting apps for no reason.

To address this problem, Veracode has integrated security intelligence from its cloud-based mobile application reputation service with mobile device and enterprise mobility solutions from major mobile device management vendors. Users can automatically enforce corporate policies on all managed devices, the release said.